Bug #3989

closed

Segmentation fault when making a MO call: Assert failed msg_type == msg->msg_type gsm_04_08_cc.c:2017

Added by fixeria almost 5 years ago. Updated almost 5 years ago.

Status: Resolved
Priority: High
Assignee:
Category: -
Target version: -
Start date: 05/09/2019
Due date:
% Done: 100%
Resolution:
Spec Reference:

Description

I just upgraded to the recent OsmoMSC refactoring "code bomb" patch merged. Both SMS and USSD seem to work just fine, but when I am trying to call, I am getting a segfault:

DRR DEBUG ran_peer.c:551 ran_peer(GERAN-A:RI-SSN_PC:PC-0-23-3:SSN-BSSAP)[0x1539400]{READY}: Received Event RAN_PEER_EV_MSG_UP_CO_INITIAL
DRLL DEBUG msc_a.c:1147 msc_a(unknown:GERAN-A-1:NONE)[0x15577e0]{MSC_A_ST_VALIDATE_L3}: Dispatching 04.08 message: MM GSM48_MT_MM_CM_SERV_REQ
DMM DEBUG gsm_04_08.c:738 msc_a(TMSI-0x765C0CA7:GERAN-A-1:CM_SERVICE_REQ)[0x15577e0]{MSC_A_ST_VALIDATE_L3}: Rx CM SERVICE REQUEST cm_service_type=MO-Call
DRR DEBUG ran_conn.c:119 ran_peer(GERAN-A:RI-SSN_PC:PC-0-23-3:SSN-BSSAP)[0x1539400]{READY}: Received Event RAN_PEER_EV_MSG_DOWN_CO
DRR DEBUG ran_peer.c:551 ran_peer(GERAN-A:RI-SSN_PC:PC-0-23-3:SSN-BSSAP)[0x1539400]{READY}: Received Event RAN_PEER_EV_MSG_UP_CO
DRR DEBUG ran_peer.c:551 ran_peer(GERAN-A:RI-SSN_PC:PC-0-23-3:SSN-BSSAP)[0x1539400]{READY}: Received Event RAN_PEER_EV_MSG_UP_CO
DRLL DEBUG msc_a.c:1147 msc_a(IMSI-262073993158656:MSISDN-123456:TMSI-0x765C0CA7:GERAN-A-1:CM_SERVICE_REQ)[0x15577e0]{MSC_A_ST_AUTHENTICATED}: Dispatching 04.08 message: CC GSM48_MT_CC_SETUP
DCC DEBUG transaction.c:152 trans(CC IMSI-262073993158656:MSISDN-123456:TMSI-0x765C0CA7 callref-0x80000001 tid-8) New transaction
DCC DEBUG gsm_04_08_cc.c:2151 trans(CC IMSI-262073993158656:MSISDN-123456:TMSI-0x765C0CA7:GERAN-A-1:CM_SERVICE_REQ callref-0x80000001 tid-8) rx SETUP in state NULL
DCC DEBUG gsm_04_08_cc.c:119 trans(CC IMSI-262073993158656:MSISDN-123456:TMSI-0x765C0CA7:GERAN-A-1:CM_SERVICE_REQ callref-0x80000001 tid-8) starting guard timer with 180 seconds
DCC DEBUG gsm_04_08_cc.c:189 trans(CC IMSI-262073993158656:MSISDN-123456:TMSI-0x765C0CA7:GERAN-A-1:CM_SERVICE_REQ callref-0x80000001 tid-8) new state NULL -> INITIATED
DCC INFO gsm_04_08_cc.c:567 trans(CC IMSI-262073993158656:MSISDN-123456:TMSI-0x765C0CA7:GERAN-A-1:CM_SERVICE_REQ callref-0x80000001 tid-8) SETUP to 995
DMNCC DEBUG gsm_04_08_cc.c:233 trans(CC IMSI-262073993158656:MSISDN-123456:TMSI-0x765C0CA7:GERAN-A-1:CM_SERVICE_REQ callref-0x80000001 tid-8) tx MNCC_SETUP_IND
DMNCC DEBUG mncc_builtin.c:285 (call 80000001) Call created.
DMNCC DEBUG mncc_builtin.c:295 (call 80000001) Received message MNCC_SETUP_IND
DMNCC DEBUG mncc_builtin.c:110 (call 80000001, remote 1) Creating new remote instance.
DMNCC DEBUG mncc_builtin.c:119 (call 80000001, remote 1) Accepting call.
Assert failed msg_type == msg->msg_type gsm_04_08_cc.c:2017

Some details: I am not running OsmoMGW, and using the built-in MNCC implementation.

gdb# bt
#0  0x00007ffff60b9c37 in __GI_raise (sig=sig@entry=0x6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007ffff60bd028 in __GI_abort () at abort.c:89
#2  0x00007ffff7321f75 in osmo_panic_default (args=0x7fffffffa378, fmt=<optimized out>) at panic.c:49
#3  osmo_panic (fmt=<optimized out>) at panic.c:84
#4  0x00000000004656cd in mncc_tx_to_cc (net=0x760ee0, msg_type=0x108, arg=0x7fffffffa4f0) at gsm_04_08_cc.c:2017
#5  0x000000000041d32e in mncc_setup_ind (call=0x86b8e0, msg_type=0x102, setup=0x86e2f8) at mncc_builtin.c:120
#6  0x000000000041ddea in int_mncc_recv (net=0x760ee0, msg=0x86e270) at mncc_builtin.c:299
#7  0x000000000045d90d in cc_tx_to_mncc (net=0x760ee0, msg=0x86e270) at gsm_04_08_cc.c:129
#8  0x000000000045dff7 in mncc_recvmsg (net=0x760ee0, trans=0x86dd60, msg_type=0x102, mncc=0x7fffffffbd60) at gsm_04_08_cc.c:244
#9  0x000000000045fec5 in gsm48_cc_rx_setup (trans=0x86dd60, msg=0x868930) at gsm_04_08_cc.c:572
#10 0x0000000000466473 in gsm0408_rcv_cc (msc_a=0x868e20, msg=0x868930) at gsm_04_08_cc.c:2173
#11 0x000000000042834e in msc_a_up_l3 (msc_a=0x868e20, msg=0x868930) at msc_a.c:1195
#12 0x0000000000429001 in msc_a_ran_dec_from_msc_i (msc_a=0x868e20, d=0x7fffffffca10) at msc_a.c:1343
#13 0x0000000000429bba in msc_a_ran_decode_cb (msc_a_fi=0x86dc30, data=0x7fffffffca10, msg=0x7fffffffc390) at msc_a.c:1490
#14 0x000000000043cf31 in ran_decoded (ran_dec=0x7fffffffc9a0, ran_msg=0x7fffffffc390) at ran_msg.c:159
#15 0x0000000000441e2d in ran_a_decode_l3 (ran_dec=0x7fffffffc9a0, l3=0x868930) at ran_msg_a.c:854
#16 0x00000000004420a7 in ran_a_decode_l2 (ran_dec=0x7fffffffc9a0, bssap=0x868930) at ran_msg_a.c:878
#17 0x0000000000423812 in msc_role_ran_decode (fi=0x86dc30, an_apdu=0x7fffffffd390, decode_cb=0x429a2c <msc_a_ran_decode_cb>, 
    decode_cb_data=0x7fffffffca10) at msub.c:589
#18 0x0000000000423dd4 in msc_a_ran_dec (msc_a=0x868e20, an_apdu=0x7fffffffd390, from_role=MSC_ROLE_I) at msc_a.c:171
#19 0x0000000000425798 in msc_a_fsm_authenticated (fi=0x86dc30, event=0xa, data=0x7fffffffd390) at msc_a.c:460
#20 0x00007ffff731b560 in _osmo_fsm_inst_dispatch (fi=0x86dc30, event=0xa, data=0x7fffffffd390, file=0x48e5c6 "msc_i.c", line=0x55)
    at fsm.c:818
#21 0x0000000000422e37 in _msub_role_dispatch (msub=0x869d40, to_role=MSC_ROLE_A, to_role_event=0xa, an_apdu=0x7fffffffd390, 
    file=0x48e5c6 "msc_i.c", line=0x55) at msub.c:449
#22 0x000000000042bb94 in msc_i_ready_decode_cb (msc_i_fi=0x86da60, data=0x7fffffffd390, msg=0x7fffffffcc00) at msc_i.c:85
#23 0x000000000043cf31 in ran_decoded (ran_dec=0x7fffffffd210, ran_msg=0x7fffffffcc00) at ran_msg.c:159
#24 0x0000000000441e2d in ran_a_decode_l3 (ran_dec=0x7fffffffd210, l3=0x868930) at ran_msg_a.c:854
#25 0x00000000004420a7 in ran_a_decode_l2 (ran_dec=0x7fffffffd210, bssap=0x868930) at ran_msg_a.c:878
#26 0x0000000000423812 in msc_role_ran_decode (fi=0x86da60, an_apdu=0x7fffffffd390, decode_cb=0x42bb01 <msc_i_ready_decode_cb>, 
    decode_cb_data=0x7fffffffd390) at msub.c:589
#27 0x000000000042bd4f in msc_i_fsm_ready (fi=0x86da60, event=0xa, data=0x7fffffffd390) at msc_i.c:110
#28 0x00007ffff731b560 in _osmo_fsm_inst_dispatch (fi=0x86da60, event=0xa, data=0x7fffffffd390, file=0x497d49 "ran_peer.c", line=0x170)
    at fsm.c:818
#29 0x000000000044597f in ran_peer_st_ready (fi=0x86b7b0, event=0x2, data=0x7fffffffd4d0) at ran_peer.c:368
#30 0x00007ffff731b560 in _osmo_fsm_inst_dispatch (fi=0x86b7b0, event=0x2, data=0x7fffffffd4d0, file=0x497d49 "ran_peer.c", line=0x227)
    at fsm.c:818
--Type <RET> for more, q to quit, c to continue without paging--
#31 0x000000000044615e in ran_peer_up_l2 (sri=0x853640, calling_addr=0x0, co=0x1, conn_id=0x2, l2=0x868930) at ran_peer.c:551
#32 0x000000000040ae31 in sccp_ran_sap_up (oph=0x8689b8, _scu=0x853740) at sccp_ran.c:110
#33 0x00007ffff731b560 in _osmo_fsm_inst_dispatch (fi=0x86cf90, event=0xb, data=data@entry=0x850430, 
    file=file@entry=0x7ffff6c97697 "sccp_scoc.c", line=line@entry=0x68d) at fsm.c:818
#34 0x00007ffff6c871c1 in sccp_scoc_rx_from_scrc (inst=inst@entry=0x853520, xua=xua@entry=0x850430) at sccp_scoc.c:1677
#35 0x00007ffff6c84c30 in scrc_rx_mtp_xfer_ind_xua (inst=inst@entry=0x853520, xua=0x850430) at sccp_scrc.c:457
#36 0x00007ffff6c87e15 in mtp_user_prim_cb (oph=0x86aab8, ctx=0x853520) at sccp_user.c:176
#37 0x00007ffff6c7fd74 in m3ua_rx_xfer (xua=0x86d940, asp=0x84d3b0) at m3ua.c:586
#38 m3ua_rx_msg (asp=asp@entry=0x84d3b0, msg=msg@entry=0x86c4a0) at m3ua.c:739
#39 0x00007ffff6c8e67b in xua_cli_read_cb (conn=0x853350) at osmo_ss7.c:1650
#40 0x00007ffff7104d63 in osmo_stream_cli_read (cli=0x853350) at stream.c:213
#41 osmo_stream_cli_fd_cb (ofd=0x853350, what=0x1) at stream.c:297
#42 0x00007ffff7316cb4 in osmo_fd_disp_fds (_eset=0x7fffffffda40, _wset=0x7fffffffd9c0, _rset=0x7fffffffd940) at select.c:223
#43 osmo_select_main (polling=0x0) at select.c:263
#44 0x00000000004098dc in main (argc=0x3, argv=0x7fffffffdc48) at msc_main.c:744
#45 0x00007ffff60a4f45 in __libc_start_main (main=0x4090dc <main>, argc=0x3, argv=0x7fffffffdc48, init=<optimized out>, fini=<optimized out>, 
    rtld_fini=<optimized out>, stack_end=0x7fffffffdc38) at libc-start.c:287
#46 0x0000000000408979 in _start ()

#1

Updated by neels almost 5 years ago

  • Description updated (diff)

#2

Updated by neels almost 5 years ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 90

#3

Updated by neels almost 5 years ago

  • Status changed from In Progress to Resolved
  • % Done changed from 90 to 100

Merged
